This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

This month's security bulletins

Paul Thurrott | Oct 09, 2007

I'm sitting in the Nashville airport (literally, on the floor, with a nice Verizon Wireless EV-DO Rev-A connection) on the way home from Phoenix and decided to check up on email. (Taking a day off can be brutal.) Anyway, Microsoft sent along the following note about this month's security bulletins:

As part of Microsoft’s
commitment to deliver security updates on a predictable and consistent
monthly schedule, Microsoft addressed nine vulnerabilities today by
releasing six security bulletins:

·MS07-055 (Maximum severity of Critical):
This update resolves a newly discovered and privately reported
vulnerability in Microsoft Windows, which could allow an attacker toremotely execute code on the affected system.

·MS07-056 (Maximum severity of Critical):
This update resolves a newly discovered and privately reported
vulnerability in Microsoft Windows, which could allow an attacker toremotely execute code on the affected system.

·MS07-057 (Maximum severity of Critical):
This update resolves three privately reported and one publicly
disclosed vulnerabilities in Internet Explorer which could allow an
attacker toremotely execute code on the affected system.

·MS07-058 (Maximum severity of Important):
This update resolves a newly discovered and privately reported
vulnerability in Microsoft Windows, which could allow an attacker to
make a user’s system become non-responsive and restart.

·MS07-059 (Maximum severity of Important): This update resolves a newly discovered and privately reported vulnerability in MicrosoftWindows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007,which could allow an attacker torun arbitrary script that could result in elevation of privilege within the SharePoint site.

·MS07-060 (Maximum severity of Critical):
This update resolves a newly discovered and privately reported
vulnerability in Microsoft Word, which could allow an attacker torun arbitrary code as the logged on user.

You
might notice that Microsoft is shipping six bulletins this month,
instead of seven as originally stated in the Advance Notification
Service (ANS) last Thursday. As previously communicated, the ANS is
always subject to change. Microsoft decided to remove one of the
updates from the release schedule due to a quality control issue, so
the issue can be resolved prior to releasing the update to customers.

Also,
Microsoft recommends that all customers sign up for Microsoft Update
(MU) and enable its Automatic Updates functionality to receive all
updates available this month and to help make their systems more
secure. Customers can sign up for MU by following the steps at:http://update.microsoft.com/microsoftupdate.

Additional Resources

The monthly installment of the technology to remove malicious software from users systems is available today as well. This month’s update removesWin 32/Rjump. Customers can download the tool atwww.microsoft.com/malwareremove.

Microsoft
encourages IT professionals to tune into the monthly TechNet Radio
interview with Security Program Manager Christopher Budd, where he will
discuss this month’s security updates. This interview can be downloaded athttp://www.microsoft.com/tnradio.